DATA TRANSMISSION METHOD, USER EQUIPMENT AND GPRS/EDGE RADIO ACCESS NETWORK

FIELD 

[0001] The invention relates to a method for transmitting data between a GPRS/EDGE radio access network GERAN (General Packet Radio Service/Enhanced Data Rates for GSM Evolution) and user equipment of a mobile system, to user equipment and to a GPRS/EDGE radio access network GERAN.

BACKGROUND 

[0002] When transmitting data from GERAN to user equipment and vice versa, the data to be transmitted must be encrypted (ciphered) before transmission for security reasons. Encryption makes tapping of signaling and user data difficult. The data to be transmitted is encrypted using an encryption algorithm at the transmitting end and the encrypted data is transmitted from the transmitting end to the receiving end, where the transmitted data is decrypted using an encryption algorithm. The same encryption algorithm is used at both ends.

[0003] An encryption mask created by the encryption algorithm is attached to the data to be encrypted using an XOR operation (logical exclusive OR operation), so the encryption does not per se increase the number of bits to be transmitted. This can be presented by the formula

$$C = M \oplus P \tag{1}$$

[0004] wherein C is the encrypted data, M is the encryption mask, P is the uncrypted data and $\oplus$ is the XOR operation.

[0005] The encryption algorithm requires input parameters to make the encryption mask created by the algorithm different for each user and each usage time. The most important parameter is the encryption key whose length is 128 bits, for instance. A different encryption key, and thus also a different encryption mask, is used for each user. However, a problem arises from the fact that the same encryption mask cannot be used twice for data with different content. This prohibited situation can be described by the formula

$$\begin{aligned} P_1 \oplus M &= C_1 \\ P_2 \oplus M &= C_2 \\ P_1 \oplus P_2 &= C_1 \oplus C_2 \end{aligned} \tag{2}$$

[0006] wherein $P_1$ and $P_2$ are uncrypted data with different content and $C_1$ and $C_2$ are encrypted data with different content. As can be seen, a possible eavesdropper can remove the mask by performing an XOR operation between the data having different content and encrypted using the same mask, thus breaking the encryption.

[0007] Because of this, other parameters are also used in encryption algorithms, for instance the encryption algorithm of a radio access network (UTRAN) employing the wideband code division multiple access method of the universal mobile telecommunications system (UMTS) uses as input parameters a counter parameter which changes with time, a directional parameter (uplink/downlink) and a bearer parameter.

[0008] The structure of the encryption algorithm to be used in GERAN has not yet been decided. It should, however, meet at least the following requirements:

- implicit encryption synchronization, especially in connection with handover,
- similar approach to both real-time and non-real-time services,
- incremental redundancy,
- multiplexing several different users to the same time slot,
- multiplexing several different radio bearers to the same user equipment,
- enabling multi-slot operation.

BRIEF DESCRIPTION OF THE INVENTION

[0009] It is an object of the invention to provide an improved method for transmitting data between a GPRS/EDGE radio access network GERAN and user equipment of a mobile system, a piece of improved user equipment and an improved GPRS/EDGE radio access network GERAN. As an aspect of the invention, a method according to claim 1 is presented for transmitting data between a GPRS/EDGE radio access network GERAN and user equipment of a mobile system. As a second aspect of the invention, user equipment according to claim 17 is presented. As a third aspect of the invention, a GPRS/EDGE radio access network GERAN according to claim 33 is presented. Preferred embodiments of the invention are disclosed in the dependent claims.

[0010] The invention is based on re-using the encryption algorithm of UTRAN as such in GERAN. This is made possible by defining the internal operation of the encryption algorithm as a black box and by modifying the input parameters required by the encryption algorithm according to the requirements set by GERAN.

[0011] The method and apparatus of the invention provide several improvements. Designing a new encryption algorithm is a very demanding operation. When using the invention, a new encryption algorithm need not be designed for GERAN, but the already designed UTRAN encryption algorithm can be used instead. This saves a considerable amount of work as well as product development costs caused by it. The invention also facilitates the design of user equipment capable of contacting both UTRAN and GERAN.

BRIEF DESCRIPTION OF THE FIGURES 

[0012] In the following, the invention will be described in greater detail by means of the preferred embodiments and with reference to the attached drawings, in which

Figure 1A shows an example of the structure of a cellular network,

Figure 1B is a block diagram showing the cellular network in greater detail,

Figure 1C shows a circuit-switched connection,

Figure 1D shows a packet-switched connection,

Figure 2 shows an example of the protocol stacks of certain parts of the cellular network,

Figure 3 is a flow chart illustrating a method for data transmission,

Figure 4 illustrates encryption at the transmitting end and decryption at the receiving end.

DESCRIPTION OF EMBODIMENTS 

[0013] Specifications for third-generation mobile systems, such as UMTS, are being developed by 3GPP (Third Generation Partnership Project) whose home pages at http://www.3gpp.org contain specifications related to the general structure and encryption of the system, which provide a good description enabling the use of the invention to a person skilled in the art. The specifications related to encryption in particular are incorporated herein by reference:

- 3G TS 33.102 V3.2.0: Security Architecture
- 3G TS 25.301 V3.4.0: Radio Interface Protocol Architecture
- 3G TS 33.105 V3.3.0: Cryptographic Algorithm Requirements.

[0014] A typical radio system structure and its connections to a public switched telephone network and packet transmission network are described with reference to Figures 1A and 1B. Figure 1B only contains blocks essential for describing the embodiments, but it is clear to a person skilled in the art that a conventional cellular network also contains other functions and structures which need not be described in greater detail herein. The radio system of the invention uses a GPRS/EDGE radio access network GERAN. The term GERAN refers to an evolution of the GSM (Global System for Mobile Communication) system, the TDMA/136 (Time Division Multiple Access) system and the EDGE system, which is intended to provide full third-generation (UMTS/WCDMA/cdma2000) mobile services.

[0015] Thus in a sense, GERAN is an intermediate form of the GSM-based GPRS or EGPRS (Enhanced General Packet Radio Service) and the universal mobile telecommunications system UMTS employing wideband code division multiple access, in which the structure of the radio access network is outlined in UMTS style and the radio access network is called GERAN, for instance, and in which the radio interface is, however, a normal GSM-based radio interface or a radio interface employing EDGE modulation. EGPRS is a GSM-based system utilizing packet-switched transmission. EGPRS uses EDGE technology to increase data transmission capacity. In addition to GMSK (Gaussian Minimum-Shift Keying) modulation, which is used normally in GSM, it is possible to use 8-PSK (8-Phase Shift Keying) modulation for packet data channels. The aim is mainly to implement non-real-time data transmission services, such as file copying and the use of an Internet browser, but also real-time packet-switched services in the transmission of speech and video images, for instance.

[0016] The descriptions of Figures 1A and 1B are mainly based on UMTS. The main parts of a mobile system are a core network CN, a UMTS terrestrial radio access network UTRAN, and user equipment UE. The interface between CN and UTRAN is called Iu, and the radio interface between UTRAN and UE is called Uu.

[0017] UTRAN is made up of radio network subsystems RNS. The interface between RNSs is called Iur. RNS is made up of a radio network controller RNC and one or more nodes B. The interface between RNC and B is called Iub. The coverage area, i.e. cell, of a node B is marked C in Figure 1B. RNS can also be called by its more traditional name, base station system (BSS). The network part of the radio system thus comprises a radio access network UTRAN and a core network CN.

[0018] The description in Figure 1A is very abstract so it is clarified in Figure 1B by indicating approximately which part of the GSM system corresponds to which part in UMTS. It should be noted that the presented description is in no way binding but for the purpose of illustration, since the responsibilities and functions of the different parts of UMTS are still being designed.

[0019] User equipment 150 can, for instance, be fixed, installed in a vehicle, or portable. The user equipment 150 is also known as a mobile station MS. The infrastructure of the radio access network UTRAN is made up of radio network subsystems RNS, i.e. base station systems. A radio network subsystem RNS is made up of a radio network controller RNC, i.e. base station controller, 102 and at least one node B, i.e. base station, 100 controlled by it.

[0020] The base station B has a multiplexer 116, transceivers 114 and a control unit 118 which controls the operation of the transceivers 114 and the multiplexer 116. Traffic and control channels used by the transceivers 114 are placed on the transmission link 160 by the multiplexer 116.

[0021] The transceivers 114 of the base station B are connected to an antenna unit 112 which implements a bi-directional radio link Uu to the user equipment 150. The structure of frames transmitted in the bi-directional radio link Uu is exactly defined.

[0022] The radio network controller RNC comprises a group switching field 120 and control unit 124. The group switching field 120 is used for speech and data connection and to connect signaling circuits. The base station system formed by the base station B and the radio network controller RNC also comprises a transcoder 122. Work distribution between the radio network controller RNC and the base station B as well as their physical structure can vary depending on implementation. Typically, the base station B takes care of the radio path implementation as described above. The radio network controller RNC typically takes care of the following: management of radio resources, control of handover between cells, power adjustment, timing and synchronization, paging user equipment.

[0023] The transcoder 122 is usually located as close as possible to a mobile switching center 132, because speech can then be transmitted in mobile telephone system format between the transcoder 122 and the radio network controller RNC, saving transmission capacity. The transcoder 122 converts the different digital coding formats of speech used between the public switched telephone network and the mobile network to be compatible with each other, for instance from the 64 kbit/s format of a public network to another (e.g. 13 kbit/s) format of a cellular network and vice versa. The hardware required is not described in detail herein, but it can be noted that other data than speech is not converted in the transcoder 122. The control unit 124 takes care of call control, mobility management, collection of statistics, and signaling.

[0024] The core network CN comprises an infrastructure belonging to a mobile telephone system and external to UTRAN. Of the apparatuses belonging to the circuit-switched transmission of the core network CN, Figure 1B shows the mobile switching center 132.

[0025] As shown in Figure 1B, connections (shown as black dots) can be made with the switching field 120 to both a public switched telephone network 134 through the mobile switching center 132 and to a packet-switched network 142. A typical terminal 136 in the public switched telephone network 134 is a conventional phone or an ISDN (Integrated Services Digital Network) phone. Packet transmission is performed from a computer 148 connecting to the mobile system through the Internet 146 to a portable computer 152 connected to the user equipment 150. Instead of a combination of the user equipment 150 and portable computer 152, a WAP (Wireless Application Protocol) phone can be used.

[0026] The connection between the packet transmission network 142 and the switching field 120 is established by a serving GPRS support node (SGSN) 140. The task of the serving support node 140 is to transmit packets between the base station system and a gateway GPRS support node (GGSN) 144, and to record the location of the user equipment 150 in its area.

[0027] The gateway support node 144 connects the public packet transmission network 146 and the packet transmission network 142. An Internet protocol or an X.25 protocol can be used in the interface. The gateway support node 144 hides by encapsulation the internal structure of the packet transmission network 142 from the public packet transmission network 146 so that to the public packet transmission network 146, the packet transmission network 142 seems like a sub-network and the public packet transmission network 146 can address packets to and receive packets from the user equipment 150 in it.

[0028] The packet transmission network 142 is typically a private 
network that uses an Internet protocol and transfers signaling and user data. 
Depending on the operator, the structure of the network 142 may vary in its 
architecture and protocols below the Internet protocol layer. 

[0029] The public packet transmission network 146 can be the Internet, for instance, over which a terminal 148, such as a server, connected to it can transmit packets to user equipment 150.

[0030] Figure 1C shows how a circuit-switched transmission link is established between the user equipment 150 and the public switched telephone network terminal 136. In the figures, a thick line shows how data is transmitted through the system over a radio interface 170 from the antenna 112 to the transceiver 114 and from there, after multiplexing in the multiplexer 116, over the transmission link 160 to the switching field 120 which has a connection to an output to the transcoder 122, and from there on, through a connection made in the mobile switching center 132 to the terminal 136 connected to the public switched telephone network 134. In the base station 100, the control unit 118 controls the multiplexer 116 in performing the transmission, and in the base station controller 102, the control unit 124 controls the switching field 120 to make a correct connection.

[0031] Figure 1D shows a packet-switched transmission link. A portable computer 152 is now connected to the user equipment 150. A thick line shows how the data being transmitted advances from the server 148 to the portable computer 152. Data can naturally also be transmitted in the opposite transmission direction, i.e. from the portable computer 152 to the server 148. The data advances through the system over the radio interface, i.e. Um interface, 170, from the antenna 112 to the transceiver 114, and from there, after multiplexing in the multiplexer 116, over the transmission link 160 and Abis interface to the switching field 120, from which a connection has been established to an output to the support node 140 on the Gb interface, from the support node 140, the data is transmitted over the packet transmission network 142 through the gateway node 144 to the server 148 connected to the public packet transmission network 146.

[0032] For clarity's sake, Figures 1C and 1D do not show a case where both circuit-switched and packet-switched data is transmitted simultaneously. This is, however, completely possible and common, since free capacity can flexibly be taken into use from circuit-switched data transmission to packet-switched transmission. A network can also be built, in which only packet data is transmitted. In such a case, the structure of the network can be simplified.

[0033] Let us examine Figure 1D again. The different entities of the UMTS system - CN, UTRAN/GERAN, RNS/BSS, RNC/BSC, B/BTS - are outlined in the figure by dashed-line boxes. In a packet-switched environment, the core network CN comprises a support node 140, packet transmission network 142 and gateway node 144.

[0034] In addition to what is described above, GPRS has two specific elements: a channel codec unit CCU and a packet control unit PCU. CCU's tasks include channel coding including FEC (Forward Error Coding) and interleaving, radio channel measuring functions, such as quality level of received signal, reception power of received signal and information related to timing advance measurements. PCU's tasks include segmenting and reassembly of an LLC (Logical Link Control) segment, ARQ (Automatic Repeat Request) functions, PDCH (Packet Data Channel) scheduling, channel access control and radio channel management functions. CCU 182 resides in the base station 100, and depending on its implementation, it can be considered to be a time-slot-specific or a transceiver-specific unit. PCU 180 is connected to CCU 182 over an Abis interface. PCU can reside in the base station 100 or in the base station controller 102. Figure 1C shows PCU 180 in the base station controller 102, but for clarity's sake, its location in the base station 100 has not been shown.

[0035] Figure 1D also shows the structure of the user equipment UE with respect to the parts of interest to the present application. The user equipment UE comprises an antenna 190 through which a transceiver 192 receives signals from a radio path 170. The operation of the user equipment UE is controlled by a control unit 194, which is typically a microprocessor with the necessary software. Protocol processing described later is also performed with said software. In addition to the described parts, the user equipment UE also comprises a user interface, which typically contains a loudspeaker, microphone, display and keyboard, and a battery. These are, however, not described in more detail herein, because they are not of interest to the present invention.

[0036] The structure of the transceiver in the base station B or the structure of the transceiver in the user equipment UE are not described in more detail herein, because it is clear to a person skilled in the art how said apparatuses are implemented. It is, for instance, possible to use a normal radio network transceiver and user equipment transceiver according to EGPRS. For the present application it is only important that the radio link 170 can be implemented, since the operation required by the application is then performed in the higher OSI (Open Systems Interconnection) model layers, especially in the third layer.

[0037] Figure 2 shows packet protocol stacks of the EGPRS control plane. It should, however, be noted that the embodiments are not limited to EGPRS. The protocol stacks are formed according to the OSI (Open Systems Interconnection) model of ISO (International Standardization Organization). In the OSI model, the protocol stacks are divided into layers. In principle, there can be seven layers. Figure 2 shows for each network element, the packet protocol parts that are processed in the network element in question. The network elements are the mobile station MS, base station system BSS, support node SGSN. The base station and base station controller are not shown separately, because an interface has not been defined between them. The protocol processing set for the base station system BSS can thus in principle be distributed freely between the base station 100 and the base station controller 102, not however the transcoder 122 even though it does belong to the base station system BSS. The network elements MS, BSS and SGSN are separated by interfaces Um and Gb between them.

[0038] A layer in each apparatus MS, BSS, SGSN communicates logically with a layer in another apparatus. Only the lowest, physical, layers communicate directly with each other. Other layers always use the services provided by the next lower layer. A message must thus physically advance vertically between the layers and only in the lowest layer does the message advance horizontally between the layers.

[0039] The actual bit-level data transmission is done using the lowest first, i.e. physical, layer RF, L1. The physical layer defines the mechanical, electronic and functional properties for connecting to the physical transmission path. The next, second layer, i.e. data link layer, uses the services of the physical layer for the purpose of implementing reliable data transmission and takes care of transmission error correction, for instance. On the radio interface 170, the data link layer divides into an RLC/MAC (Radio Link Control / Medium Access Control) sub-layer and an LLC (Logical Link Control) sub-layer, i.e. a logical link control protocol. The third layer, i.e. network layer, provides the higher layers independence from data transmission and switching techniques which take care of the connections between the apparatuses. The network layer takes care of connection establishment, maintenance and release, for instance. In GSM, the network layer is also called a signaling layer. It has two main tasks: routing messages and enabling several independent connections simultaneously between two entities.

[0040] The network layer comprises a session management sub-layer SM and a GPRS mobility management sub-layer GMM.

[0041] The GPRS mobility management sub-layer GMM takes care of the consequences caused by the movement of the user of the mobile station that are not directly related to radio resource management. On the side of the public switched telephone network, this sub-layer would take care of verifying the user and connecting the user to the network. In a cellular network, this sub-layer supports user mobility, registration and management of data generated by mobility. In addition, this sub-layer checks the identity of the mobile station and the identities of the allowed services. Message transmission of this sub-layer takes place between the mobile station MS and the support node SGSN.

[0042] The session management sub-layer SM manages all functions related to packet-switched call management, but does not detect the movement of the user. The session management sub-layer SM establishes, maintains and releases connections. It has its own procedures for calls initiated by and terminating to the mobile station 150. The message transmission of this sub-layer, too, takes place between the mobile station MS and the support node SGSN.

[0043] In the base station system BSS, the messages of the session management sub-layer SM and GPRS mobility management sub-layer GMM are processed transparently, i.e. they are only transferred back and forth.

[0044] According to prior art, the logical link control protocol LLC establishes a reliable encrypted logical link between SGSN and MS. LLC is independent of the lower layers so that the changing of the radio interface would affect the network part of the mobile network as little as possible. The services of the logical link control protocol include: a very reliable logical link between peer entities, support for variable-length information frames, support for both acknowledged and unacknowledged data transmission, each frame contains an unambiguous identifier of a transmitting or receiving mobile station, support for different service criteria, such as different priorities of data transmission, encryption of transmitted data and user identity. LLC data is transmitted between the Um and Gb interfaces by a logical link control protocol relay LLC RELAY. According to the solution described in this application, encryption is not performed in the LLC sub-layer, but in the MAC or RLC sub-layer. Other tasks of the LLC sub-layer can also be given to other layers, whereby the LLC sub-layer can be left out completely.

[0045] The MAC layer is responsible for the following tasks: multiplexing data and signaling on both uplink (mobile station to network part) and downlink (network part to mobile station) connections, management of uplink transmission path resource requests, and allocation and timing of downlink transmission path traffic resources. Traffic prioritization management also belongs to this layer. The RLC layer takes care of transmitting LLC-layer data, i.e. LLC frames, to the MAC layer; RLC chops the LLC frames into RLC data blocks and transmits them to the MAC layer. In the uplink direction, RLC builds LLC frames of the RLC data blocks and transmits them to the LLC layer. The physical layer is implemented in the Um interface by a radio link, for instance a radio interface defined by GSM. For instance, carrier modulation, interleaving and error-correction of the data to be transmitted, synchronization and transmitter power control are performed in the physical layer.

[0046] A BSSGP (Base Station Subsystem GPRS Protocol) layer transmits data of the higher layers and information related to routing and the quality of service between BSS and SGSN. An FR (Frame Relay) layer performs the physical transmission of this information. NS (Network Service) transmits messages according to the BSSGP protocol.

[0047] Having now given an example of the structure of a mobile system and the protocol stacks used therein, it is possible to examine the implementation of encryption in a mobile system using GERAN. Figure 4 shows how the data flow goes from the transmitting end to the receiving end. The transmitting end is on the left in the figure and the receiving end on the right side is separated from it by a vertical dashed line. In GERAN, encryption is performed in the packet control unit 180 described above, and in the user equipment, in the control unit 194. Encryption is performed using a function located in the described protocol stacks. The necessary function can be implemented for instance as a software run in a general-purpose processor, in which case the required functions are executed as software components. Hardware implementation is also possible, for instance ASIC (Application Specific Integrated Circuit) or a control logic made up of separate components.

[0048] The encryption algorithm 400 is that of the radio access network UTRAN employing the wideband code division multiple access method of the universal mobile telecommunications system, also known as f8. The encryption algorithm is a black box and its implementation exactly the same in both the GPRS/EDGE radio access network GERAN and the radio access network UTRAN employing the wideband code division multiple access method. In practice this means that the same encryption algorithm implementation, whether ASIC or software, can be used in both GERAN and UTRAN.

[0049] UTRAN has an agreed format for the input parameters of the encryption algorithm. The agreed format defines the number of the input parameters and the length of each parameter. The UTRAN input parameters are defined in the above-mentioned 3GPP specifications. They are: an encryption key, a counter parameter which changes with time, a directional parameter (uplink/downlink) and a bearer parameter. In addition, a parameter indicating the length of the encryption mask 412 is needed that does not per se affect the internal operation of the encryption algorithm 400, but only indicates how many created symbols are taken from the key stream to the encryption mask 412.

[0050] The uncrypted data 414 is combined by an XOR operation 
416 with the encryption mask 416 to obtain the encrypted data 418. 

[0051] At the receiving end, the encryption is removed using a 
similar operation as in the transmitting end, i.e. the encryption mask 412 is 
combined by an XOR operation 416 with the received encrypted data 418 to 
obtain the original uncrypted data 414. 

[0052] The transmitting and receiving ends must be synchronized with each other in the sense that the parameters 402, 404, 406, 408, 410 of the encryption algorithm 400 used to encrypt certain data 414 must also be used to decrypt the encrypted data 418 corresponding to said uncrypted data 414. Implementing this may require signaling between the transmitting end and the receiving end. This or data modulation and channel coding are not described in more detail herein, because they are not essential for the invention and are known actions to a person skilled in the art. It is enough to note that the transmitting end comprises means 400, 416 for encrypting data to be transmitted to the receiving end using an encryption algorithm 400, and the receiving end correspondingly comprises means 400, 416 for decrypting data received from the transmitting end using the encryption algorithm 400. Because the connection between GERAN and the user equipment is bi-directional, both can serve as transmitting and receiving ends. Thus, both GERAN and the user equipment comprise both the encryption means and the decryption means.

[0053] The GPRS/EDGE radio access network GERAN comprises means 402, 404, 406, 408, 410 for creating the input parameters of agreed format required by the encryption algorithm 400 on the basis of the operating parameters of the GPRS/EDGE radio access network GERAN. The user equipment UE comprises the same means 402, 404, 406, 408, 410. For clarity's sake, Figure 4 uses the same reference numerals 402, 404, 406, 408, 410 to depict both the parameters of the encryption algorithm 400 and the means to process them. In practice, said means are preferably implemented by software in the control unit 194 of the user equipment UE or in the packet control unit 180 of the GPRS/EDGE radio access network GERAN:

| UTRAN parameter | RLC protocol | MAC protocol |
|---|---|---|
| Counter parameter 402: length 32 bits | RLC sequence number: length 7 or 11 bits, value range 0-127 or 0-2047. Symbol for defining whether data to be encrypted is data of second layer signaling plane or other data: length 1 bit, value 1. Hyper frame number: length 24 or 20 bits. | Extended TDMA frame number: length 28 bits, value range 0-(2^28 - 1). Time slot number: length 3 bits, value 0-7. Symbol for defining whether data to be encrypted is data of second layer signaling plane or other data: length 1 bit, value 1. |
| Directional parameter 404: length 1 bit, value 0/1 | | |
| Bearer parameter 406: length 5 bits | | |
| Length parameter 410: length 16 bits | Value: length of payload, or length of full block without radio bearer identifier and RLC sequence number. | Value: length of full block. |
| Encryption key parameter 408: length 128 bits. | | |

Table 1



[0054] Table 1 shows how the input parameters of required format are
obtained from the GERAN operating parameters when transmitting user plane
data. The leftmost column of the table shows the parameters required by
UTRAN. The middle column shows an alternative, in which encryption is
performed in the RLC protocol layer, and the rightmost column shows an
alternative, in which the encryption is performed in the MAC protocol layer.

[0055] The UTRAN directional parameter 404 defines the direction in which
the data to be encrypted is transmitted. Value 0 is uplink and value 1 is
downlink. The directional parameter 404 can also be used as such in GERAN.

[0056] In UTRAN, the bearer parameter 406 defines the used radio bearer
identifier. This makes it possible to use the same encryption key 408 when a
user simultaneously uses several different radio bearers which have been
multiplexed to the same physical layer frame. The bearer parameter 406 can be
used as such in GERAN.

[0057] In UTRAN, the length parameter 410 defines the required key stream
length, i.e. the length of the encryption mask 412. The length parameter 410
can be used as such in GERAN. When using the RLC protocol, its value is the
length of the payload or the length of a full block without the radio bearer
identifier and RLC sequence number. When using the MAC protocol, its value is
the length of a full block, in which case the radio bearer identifier is not
included in the information flow, but is agreed on before starting
transmission.

[0058] In UTRAN, the encryption key parameter 408 defines the encryption
key. The encryption key parameter 408 can be used as such in GERAN.

[0059] The UTRAN counter parameter 410 is a 32-bit counter changing with
time and formed by the hyper frame number and RLC sequence number, for
instance. In the original GSM system, a 22-bit TDMA frame number is used as
the counter parameter. This means that the counter parameter reaches its
maximum value already after approximately 3.5 hours of encryption. When the
counter parameter starts again, the mask begins to get the same values again
and the encryption can be broken unless a new encryption key is taken into
use.

[0060] The counter parameter 410 cannot as such be used in GERAN, but its
contents must be changed while the length remains at 32 bits. When using the
RLC protocol, the counter parameter 410 is formed by the RLC sequence number,
a symbol which defines whether the data to be encrypted is data of the second
layer signaling plane or other data, and the hyper frame number. The length
of the hyper frame number can be 24 bits, in which case the length of the RLC
sequence number is 7 bits, or the hyper frame number can be 20 bits long, in
which case the RLC sequence number is 11 bits long. The 1-bit symbol which
defines whether the data to be encrypted is data of the second layer
signaling plane or other data obtains in this case the value 1, when the data
to be encrypted is other data than data of the second layer signaling plane.
In practice, when using the RLC protocol, the effective length of the counter
parameter becomes 31 bits, since the 1-bit symbol is constant.

[0061] When using the MAC protocol, the counter parameter 410 is formed by
an extended TDMA frame number, a time slot number and a symbol defining
whether the data to be encrypted is data of the second layer signaling plane
or other data. The length of the TDMA frame number is thus extended to 28
bits. The 1-bit symbol which defines whether the data to be encrypted is data
of the second layer signaling plane or other data obtains in this case the
value 1, when the data to be encrypted is other data than data of the second
layer signaling plane. The time slot number can be constant, if only one time
slot is used. In practice, when using the MAC protocol, the effective length
of the counter parameter becomes 28 bits, since the 1-bit symbol and the time
slot number are constant. This is 64 times more than the cycle of the present
GSM counter parameter, and thus sufficient in practice.

[0062] The same idea as with the hyper frame number is used with the
extended TDMA frame number. In the present GSM system, the 11 most
significant bits of the TDMA frame number are used to calculate a
multi-frame. These 11 bits form a T1 counter part which, when extended to 16
bits, provides the extended TDMA frame number. A 5-bit T2 counter part and a
6-bit T3 counter part can be kept in the extended TDMA frame number.

[0063] When using the RLC protocol, the payload of the user, but not the
radio bearer identifier or the RLC block header, is encrypted to ensure the
reception of the RLC sequence number. Another alternative is to encrypt the
payload of the user and the header of the block, but not the RLC sequence
number or the radio bearer identifier. When using the MAC protocol, the
entire MAC block is encrypted.

[0064] Table 2 shows how the input parameters of required format are
obtained from the GERAN operating parameters when transmitting second layer
signaling plane data. The encryption must then be performed in the MAC
protocol layer.

[0065] The directional parameter 404, length parameter 410 and encryption
key parameter 408 can be used in the same way when transmitting second layer
signaling plane data as when transmitting other data.

[0066] There is no radio bearer identifier for the second layer signaling
plane data, so the bearer parameter 406 is given a constant value, for
instance "00000". A specific meaning can also be defined for this constant
value, as described later.





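                          | MAC protocol
--------------------------+----------------------------------
Counter parameter 402:    | - Extended TDMA frame number:
length 32 bits            |   length 28 bits, value range
                          |   0-(2^28-1).
                          | - Time slot number: length 3
                          |   bits, value 0-7.
                          | - Symbol for defining whether
                          |   data to be encrypted is data
                          |   of second layer signaling
                          |   plane or other data: length 1
                          |   bit, value 0.
--------------------------+----------------------------------
Directional parameter     |
404: length 1 bit, value  |
0/1                       |
--------------------------+----------------------------------
Bearer parameter 406:     | Value "00000"
length 5 bits             |
--------------------------+----------------------------------
Length parameter 410:     | Value: length of full block.
length 16 bits            |
--------------------------+----------------------------------
Encryption key parameter  |
408: length 128 bits      |

Table 2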



[0067] The counter parameter 410 is formed for the second layer 
signaling plane data in the same way as for other data when using the MAC 
protocol, i.e. the counter parameter 410 is formed by an extended TDMA 
frame number, a time slot number and a symbol which defines whether the 
data to be encrypted is data of the second layer signaling plane or other data. 
The 1-bit symbol which defines whether the data to be encrypted is data of the 
second layer signaling plane or other data obtains in this case the value 0, 
when the data to be encrypted is data of the second layer signaling plane. The 
entire MAC block is encrypted. 

[0068] Naturally, the possible values of the 1-bit symbol could be defined
the other way round, i.e. value 1 would mean that the data to be encrypted is
data of the second layer signaling plane, and value 0 would mean that the
data to be encrypted is other data.
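
The counter layouts of Tables 1 and 2 as an added Python sketch, which is not part of the patent text. The order of the fields inside the 32-bit word and the SHAKE-256 generator standing in for encryption algorithm 400 are assumptions; the demo shows that the 1-bit symbol alone keeps second layer signaling data and other data from sharing an encryption mask.

```python
import hashlib

def _field(value: int, bits: int) -> int:
    """Reject values that do not fit the field width given in the tables."""
    if not 0 <= value < (1 << bits):
        raise ValueError(f"{value} does not fit in {bits} bits")
    return value

def counter_rlc(hfn: int, rlc_sn: int, sn_bits: int, flag: int = 1) -> int:
    """RLC variant (assumed order): hyper frame number | symbol | RLC SN."""
    if sn_bits not in (7, 11):
        raise ValueError("RLC sequence number is 7 or 11 bits long")
    hfn_bits = 31 - sn_bits  # 24 or 20, so the total stays at 32 bits
    return ((_field(hfn, hfn_bits) << (sn_bits + 1))
            | (_field(flag, 1) << sn_bits)
            | _field(rlc_sn, sn_bits))

def counter_mac(ext_fn: int, timeslot: int, flag: int) -> int:
    """MAC variant (assumed order): extended TDMA FN | time slot | symbol."""
    return (_field(ext_fn, 28) << 4) | (_field(timeslot, 3) << 1) | _field(flag, 1)

def mask(key: bytes, counter: int, direction: int, bearer: int,
         length_bits: int) -> bytes:
    """Stand-in keystream generator (SHAKE-256), NOT encryption algorithm 400."""
    if len(key) != 16:
        raise ValueError("encryption key parameter is 128 bits")
    seed = (key + counter.to_bytes(4, "big")
            + bytes([_field(direction, 1), _field(bearer, 5)]))
    return hashlib.shake_256(seed).digest((_field(length_bits, 16) + 7) // 8)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def plane_separation_demo():
    """Same frame, time slot, direction and bearer value; only the symbol differs."""
    key = bytes(range(16))                                         # constructed key
    signaling, user = b"L2 SIGNALLING BLK", b"user payload blk!"   # constructed data
    bits = 8 * len(user)
    m_sig = mask(key, counter_mac(0x123456, 3, flag=0), 1, 0, bits)
    m_usr = mask(key, counter_mac(0x123456, 3, flag=1), 1, 0, bits)
    # If the symbol were dropped, both blocks would be masked with m_usr and
    # the XOR of the two encrypted blocks would equal the XOR of the plain data.
    leaked = xor(xor(signaling, m_usr), xor(user, m_usr))
    return m_sig != m_usr, leaked == xor(signaling, user)
```
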

[0069] The following describes alternative preferred embodiments 
of the invention. 

[0070] In a preferred embodiment, one of the bearer parameter values is
reserved for signaling plane data to be encrypted. This is the
above-mentioned constant value, for instance "00000", described in table 2.
This way, it is possible to replace the symbol which defines whether the data
to be encrypted is data of the second layer signaling plane or other data.
The value "00000" defines that the data to be encrypted is data of the second
layer signaling plane, and any other value defines the used radio bearer
identifier. As mentioned above, no radio bearer identifier is used for the
second layer signaling plane data. This method provides the advantage that
the effective length of the counter parameter increases by one bit, and the
disadvantage that a specific meaning must be defined for one radio bearer
identifier.

[0071] In a preferred embodiment, when using the MAC protocol, the
information on the last used extended TDMA frame number is stored in the user
equipment UE for the next connection; in practice it is generally stored on
the SIM (Subscriber Identity Module) card of the user equipment UE. Hyper
frame number management known from UTRAN is applied here. If several radio
bearers are used on the same connection, the extended TDMA frame number that
has obtained the biggest value is stored. When establishing a new connection,
only one value then needs to be communicated, and this value is used to begin
the encryption of the new connection. In UTRAN, said value is referred to as
START. The information on the last used extended TDMA frame number preferably
comprises a certain number of the most significant bits in the extended TDMA
frame number. Correspondingly, when using the RLC protocol, the information
on the last used hyper frame number is stored in the user equipment UE for
the next connection. The information to be stored on the last used hyper
frame number preferably comprises a certain number of the most significant
bits of the hyper frame number. The described storing of the extended TDMA
frame number and/or hyper frame number for the next connection can also be
performed in the GPRS/EDGE radio access network GERAN, most preferably in the
packet control unit 180. The selection of the storage location depends on how
the signaling of said stored value can most easily and efficiently be done
between the user equipment and the GPRS/EDGE radio access network GERAN when
establishing a new connection. One stored START value takes care of
connections using both the RLC protocol and the MAC protocol to the same
user, i.e. the maximum of the used values is stored.

[0072] In a preferred embodiment, when the connection of the user equipment
UE changes between the GPRS/EDGE radio access network GERAN and the radio
access network UTRAN employing the wideband code division multiple access
method, information on the last used extended TDMA frame number or hyper
frame number is provided to the new radio access network, and the same
encryption key input parameter 408 as in the old radio access network is used
as the encryption key input parameter 408 of the encryption algorithm 400 in
the new radio access network. This way, it is possible to avoid the use of
the same mask 412 for uncrypted data 414 with different content. Without this
procedure, it would be necessary to always perform the signaling required by
the initiation of a new encryption key between the user equipment UE and the
GPRS/EDGE radio access network GERAN when the connection changes, due to
handover, for instance. In principle, this procedure can be implemented in
two ways, either so that the user equipment comprises means 190, 192, 194 for
providing information on the last used extended TDMA frame number or hyper
frame number to the new radio access network when the connection of the user
equipment UE changes between the GPRS/EDGE radio access network GERAN and the
radio access network UTRAN employing the wideband code division multiple
access method, or so that the GPRS/EDGE radio access network GERAN comprises
means 180 for receiving information on the last used extended TDMA frame
number or hyper frame number to the user equipment UE when the connection of
the user equipment UE changes between the GPRS/EDGE radio access network
GERAN and the radio access network UTRAN employing the wideband code division
multiple access method.

[0073] The described procedures are preferably implemented in such a manner
that the information to be stored or provided comprises a certain number of
the most significant bits, and before the information is used in the new
radio connection or radio access network, the value of the number formed by
the most significant bits is increased by one. This way, it is possible to
avoid the use of the same encryption mask 412 twice for uncrypted data 414
with different content. This can be implemented so that either the user
equipment UE or the GPRS/EDGE radio access network GERAN comprises means 402
for increasing by one the value of the number formed by said most significant
bits before the information is used in a new connection or in the new radio
access network. For instance, when moving from GERAN to UTRAN, the 20 most
significant bits could be stored and when moving from UTRAN to GERAN, the 17
most significant bits could be stored. This way, the differences between the
less significant parts remain unimportant, and it is possible to ensure that
the same encryption mask 412 is not used twice.
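
The storing and incrementing of the most significant bits described in paragraphs [0071] to [0073], as an added Python sketch that is not part of the patent text. The function names are hypothetical, and pairing a 24-bit hyper frame number with 20 stored bits is an assumption made for the sample values.

```python
def start_value(last_used, total_bits: int, keep_bits: int) -> int:
    """START to store at release: the keep_bits most significant bits of the
    largest frame-number counter used on any radio bearer of the connection."""
    if not 0 < keep_bits <= total_bits:
        raise ValueError("keep_bits must be between 1 and total_bits")
    largest = max(last_used)
    if not 0 <= largest < (1 << total_bits):
        raise ValueError("counter does not fit in total_bits")
    return largest >> (total_bits - keep_bits)

def resume_counter(start: int, total_bits: int, keep_bits: int) -> int:
    """First counter of the new connection: START + 1 with the low bits zero."""
    bumped = start + 1
    if bumped >> keep_bits:
        # The counter would start again from the beginning, which the
        # description only allows together with a new encryption key.
        raise OverflowError("no unused counter values left: change the key")
    return bumped << (total_bits - keep_bits)

def reused_without_increment(last_used: int, total_bits: int,
                             keep_bits: int) -> int:
    """Number of already-used counter values a resume WITHOUT the +1 repeats."""
    low = total_bits - keep_bits
    return last_used - ((last_used >> low) << low) + 1

def handover_demo():
    """Constructed values: hyper frame numbers of three bearers, 20 MSBs kept."""
    bearers = [0x123456, 0xABCDEF, 0x00FFFF]
    start = start_value(bearers, 24, 20)
    return (start,
            resume_counter(start, 24, 20),
            reused_without_increment(max(bearers), 24, 20))
```

Here `handover_demo()` stores 0xABCDE, resumes at 0xABCDF0 (above every value used before), and reports that 16 counter values would have been repeated had the increment been skipped.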

[0074] With reference to the flow chart in Figure 3, the following presents
the steps that are taken in the method for transmitting data between the
GPRS/EDGE radio access network GERAN and user equipment UE of a mobile
system. The method starts from block 300.

[0075] In block 302, the data to be transmitted is encrypted using an
encryption algorithm 400 at the transmitting end.

[0076] In block 304, the encrypted data is transmitted from the transmitting
end to the receiving end.

[0077] In block 306, the transmitted data is decrypted using the encryption
algorithm 400 at the receiving end.

[0078] The placing of block 310 at both the transmitting end and the
receiving end describes the fact that an encryption algorithm 400 of the
radio access network UTRAN employing the wideband code division multiple
access method of the universal mobile telecommunications system is used as
the encryption algorithm 400, in which case the input parameters 402, 404,
406, 408, 410 of agreed format required by the encryption algorithm 400 are
created on the basis of the operating parameters of the GPRS/EDGE radio
access network GERAN.

[0079] As the accompanying claims reveal, the method can be modified using
the above preferred embodiments of the user equipment UE and the GPRS/EDGE
radio access network GERAN.

[0080] Even though the invention has been explained in the above with
reference to examples in accordance with the accompanying drawings, it is
obvious that the invention is not restricted to them but can be modified in
many ways within the scope of the inventive idea disclosed in the attached
claims.



